And since I don't have blue hair, I guess you all figured out that I'm sort of part of a corporate world instead.
I work for Telia, Telia Mobile.
Telia Mobile, which is Scandinavia's largest mobile and wireless internet company.
So, that's where I come from.
English is not my first language, as you might well hear.
And my first time in your wonderful country, my first time in Vegas, my first time at DEF CON, and my first time using PowerPoint.
So, thank you.
I'm a bit nervous about this.
Well, I hope everyone can read, though.
Yeah, let's start.
Sorry.
First, I didn't bring any cards.
There have been like a hundred people asking me for cards.
I haven't, so please just take a note if you're interested.
There will be questions and hopefully answers in the end of this presentation.
I would like to not be interrupted, though, during the presentation, because I get totally out of sync.
I am totally out of sync, because I actually jet-lagged out of my mind after 25 hours on an airplane yesterday.
So, but anyway, let's start.
So, first, I want to talk about the fears and insecurities of a wireless generation.
I will talk now about a network approach to security.
This will not be about WEP.
And I will explain in a couple of minutes why it will not be about WEP.
There are very good papers about the insecurities of WEP, but I will not really talk very deeply about that.
I will talk about very briefly.
And Bruce will talk about that.
Bruce Schneier, if you're here, you can probably spank me afterwards, but I will talk briefly about why cryptology won't save us.
And I will also talk briefly about the future concept of a couple of new attacks and stuff like that.
This is actually a presentation of a technical paper that I've written about, well, some known and some not very well-known attacks against different wireless protocols.
This will not only be about 811.2.b or whatever the name is, but actually also about Bluetooth, which is getting quite huge in Europe anyway.
I don't know how it's here.
And a couple of other wireless protocols.
And their shared sort of insecurities.
So, is that okay with you?
Great.
Because I don't have any other secrets.
So, I think that's great.
Okay.
Well, why will not this be about WEP?
Well, first of all, WEP, the focus on security in wireless networks has been on WEP for quite some time now, like one and a half years.
People have been talking about, well, is the key size all right?
Is it even right to implement security on data link layer and everything?
I must say that WEP is crap.
Not only, thank you, but not only because it's very, very flawed, but actually also because it is flawed.
Is that the correct term?
Yeah.
But also because it gives people a false sense of security.
So, people say, okay, let's turn on WEP, and then we're off to market.
And it really doesn't work that way.
And also, it sort of drags the...
...focus of the real issues of wireless security.
Solving problems with WEP won't solve these issues.
I mean, you can have, like, I don't know, a thousand bits of key length and, I mean, the best crypto protocol ever.
And if you still store the keys on the computer, which is unsecured, you're basically fucked anyway.
So...
And...
Which I have shown in this, or will show, hopefully.
Well, anyway, and WEP is only for one standard.
It's only for Wi-Fi standard 802.11.
And not for Bluetooth or any of these other standards that don't have WEP.
Okay?
So, I will start to talk about, first, about network approach.
The approach to security.
That we need a separation of networks and secure the handhelds.
Basically, this is about...
I'm coming from a company that works a lot with handheld devices.
It has been a cellular company for 15 years in Sweden.
And now we're moving more and more towards sort of handheld device that not only speak GSM,
which is the cellular networks in Europe,
but also might be able to do handovers to radio LANs and different kinds of radio access technologies.
So, how to secure the handhelds?
Okay.
This is a real crappy picture.
As you can see, I've never used PowerPoint before.
But I'll try to explain this anyway.
This is picture of an internal network here.
Business network.
It's green because it's on the inside of this firewall here, which is a dotted line.
I decided to draw this firewall sort of network topologically.
Two routers with a DMZ in between.
And each of these routers are having access lists.
So, and over out there is big bad internet.
BBI.
So, and on to your left, down there is something marked AP.
That's an access point for a radio network.
So, that's cool.
Yeah, great.
And a server on its top left.
They look like that.
Okay.
Well, separation of networks.
I mean, this is really, really basic.
You guys will probably hear about war driving tomorrow or will attend some other, I don't know, radio security class.
But the coverage area of this AP actually far exceeds the physical boundaries of the building.
Okay.
So, when you are an elite hacker over here with a directional antenna,
you are actually connected to the inside of the firewall.
Everyone understands that.
So, basically what young people are doing right now,
they are standing in the parking lot with a directional antenna,
or not even a directional antenna,
basically because you have really good coverage areas on those access points now.
But if you have a directional antenna, you could be standing up to 100, 150 meters away.
And if you...
If you don't care about rules and regulations,
you could put a little amplifier there and actually be standing a couple of kilometers away.
And, well...
And the reason I know this is because we do it.
And...
No, I'm just kidding.
But anyway, it's a really cheap way to actually build radio links
if you are an operator here.
So, use a directional antenna and a power amplifier
and you'll be away, like, a couple of kilometers away.
And you can actually sniff the network,
or you can hack the boxes with inside,
because everyone knows that, well, if we have installed the firewall,
we don't secure the shit behind it, actually.
So, you have a lot of Windows machines there.
Now, if we put the access point,
and this is like a huge point in my presentation,
this slide.
So, memorize it.
If we put the access point not on the internal network,
but actually on the DMZ instead,
or some DMZ instead,
the elite hacker won't be able to actually hack our top left server here.
But we'll...
Hopefully, anyway, we could limit access
to what the network...
the radio network devices
have access to.
And I know that this isn't really, like,
a nice way of doing things,
because we want to give access to everything on the inside
to everyone with their handheld device.
But seriously, well, life sucks.
So, we have to put it out on DMZ instead.
I think so, at least,
because we can't really control the flow of information
between those internal networks
because of the limitations of physical security.
Okay?
Point two in this is about securing the handhelds.
Now, we actually have an internal user, whatever,
with a PDA here.
It's really beautifully drawn.
And an elite hacker over there.
And the PDA, of course,
can, well, access some information.
It could probably authenticate itself to the server
and somehow extract the information
that it wants from there.
Now...
We do have legitimate traffic there.
Now, the elite hacker could actually,
in this point,
try to hack the handheld instead.
And everyone understands this.
Or the access point,
because access points are really, really dumb today.
They can't really protect themselves.
There are no packet filtering access points today.
They can't, like, protect themselves, actually.
And all administration is done in plain text, by the way.
So, well, hack the handheld,
and you still have access to whatever
that handheld has access to.
Right?
Okay?
Now, another point is that
you can attack it over the radio interface,
and that would be really, really simple,
because basically you are on the same hub,
not switch, even,
that the handheld is on.
I mean, and it's basically, today,
an issue of finding the right operating system
on the handheld,
and just hack that.
But you can actually,
you don't even have to have radio coverage
in order to attack it.
I mean, you all probably are reading
all.net, Fred Cohen.
And he has written a very nice example
of 50 ways how to hack,
how to, what is it?
50 ways to get through your firewall,
or something like that.
And, I mean, like, send them an email
with a Trojan horse,
and everything,
and this has crap to do about hacking.
I mean, I do understand this,
but it has a thing or two to do about,
with attacking the network.
So we can still send them an email or a disk
saying that this is software update or whatever,
hostile Java or whatever.
The reason that I actually have this slide in,
because I know that you guys all know this,
is that my boss don't.
And so this is basically for him.
But anyway.
Conclusions.
We do have to separate networks.
Put the radio LAN on its own DMZ.
Yeah.
And secure the handhelds.
Now, this is quite,
I mean, secure the handhelds
is really an issue here.
We do have to give them a personal firewall
in order to make them
to actually protect themselves.
Because the outer perimeter of the firewall
will not help
if you are on the same radio network, right?
So you need a personal firewall.
You need VPN clients
in order to get access to the inner network.
And you need a good configuration of the OS.
You need antivirus protection
in order to protect you from Trojans
and stuff like that.
And this is a huge point.
Because I don't see this
on handheld devices yet.
I don't know about you,
but I have not seen anything like this
on Windows CE, on Pocket PC,
on...
I think the first antivirus on Palm
came up like two months ago.
And I might be misinformed
because I am in the corporate world
and not a hacker as you.
So I might be misinformed.
But I still feel that it is kind of...
it's kind of strange
that I don't know any...
I can't even think of any products
that does this yet.
There aren't those kind of products.
I think.
Okay, do you understand my English so far?
Thanks.
You're so nice.
Well, anyway...
Okay, let's go to
the next point in my presentation.
Will cryptology save us?
Well...
And I have a couple of points there.
Where should we implement cryptography?
WEP is a link layer,
layer two protocol.
But is that really a good solution to it?
And people up here are saying,
no.
You guys are from Berkeley?
Because they actually wrote
a very, very good paper about
the insecurities of WEP.
But anyway...
And what is encrypted and why?
Because today we only encrypt
radio traffic.
Not any other traffic.
Not administrative traffic
for the access points, for example.
Which is going in Telnet.
Or HTTP.
Not even HTTPS.
Okay? So it sucks.
And vulnerabilities in design.
Again, this is not vulnerabilities
of WEP.
But actually vulnerabilities
in the implementations
of a couple of protocols.
Anyway...
First of all,
there are some very different views
on where to implement cryptography.
As you can see,
some people might say,
IPSec, you should have that at session layer
and not on transport layer.
Well, this is IPSec in...
What's it called?
Encryption mode.
Not tunneling mode.
Because otherwise I would have
put it up on session instead.
And VPN...
That's a fairly general...
Generalization over there.
But there are...
Well, a couple of VPN products
that do it from session layer.
And SSH.
And WEP, as you can see,
on data link layer.
Okay?
The higher you put it
in the OSI stack,
you're all familiar with the
OSI model, right?
No?
Right.
Thanks.
Okay.
The higher you put it,
the overhead increases, of course.
And this is something that we don't want
in radio networks.
Because radio networks is...
I mean, bandwidth, actually.
And everything is a bandwidth issue
in radio networks.
So more overhead, slower networks.
And radio is, well,
not very good at that.
So another thing is that...
Is that if we start encrypting stuff,
the IDSs won't be able
to see what's happening.
So we have to actually
terminate those tunnels
or encryption schemes or whatever
before, well, the network.
And...
Before the network layer
so that the IDS will be able
to see what's happening.
I mean, and equivalent to that...
I mean, if I send you an...
If I send you a virus-infected mail,
your antivirus will probably spot it.
But if I encrypt that mail,
it won't.
I mean, that's basically
the same thing here.
So if you have attacks
against the encryption...
You have the attacks
tunneled in encryption protocols,
you encrypted protocols,
the IDS won't be able
to see that.
So I think that's a fairly
interesting point as well.
Where should we implement...
Where should we implement encryption?
I will not...
I will not really give you
a solution to that,
but I want you to think about that
because these are real issues
for us working with integration.
And if you go back
and you guys have
a really, really good point
or a really good solution,
please come up to me afterwards
and I...
I'll take that and get home
and make a lot of money on that.
So, thanks.
Next point.
What is encrypted and why?
I mean, we only see that traffic
over the radio interface today
is encrypted with WEP.
Okay?
But...
All communication...
Administration communication
with the AP is...
From the other part
of the network
is still done in plain text.
And if I can connect something
or hijack a computer
on the network,
I will still be able to see
with an ordinary sniffer
what's happening.
So that is really
a huge issue for me.
I'm also working...
I'm working with research and development.
Is that a correct term?
Yeah?
I'm working with research and development
at Telia Mobile.
And we are talking a lot
to different vendors
about new products and stuff like that.
And...
My first question is always
can this...
Can this new type of equipment...
Can it...
Can it secure itself
or can it defend itself
against different...
Well...
In this case, no, it can't.
I mean, it doesn't even support
encrypted administration protocols.
And here, bandwidth
is actually not an issue.
I mean, because you aren't supposed
to do administration
over the radio interface.
You're supposed to do administration
from another interface.
However...
And this is quite scary.
You could...
You could probably still...
At least at some access points
actually administrate it
from the radio interface.
And what's even worse is
that you could do it
even if you have WEP turned on.
Now, think about that for a second.
That means that if you actually
get a hold of the password
or whatever to...
To log in to this access point,
I can Telnet to it
and turn off the encryption
on that access point
from the radio network,
which extends a kilometer and a half.
Well, sorry.
That's like...
What is this?
That 3,500 feet
or something like that.
So, that's quite interesting, I think.
Okay.
And another thing is that...
And this is part of WEP, actually.
So, I'm sorry I lied to you
in the beginning.
This is about WEP.
But anyway, I can still see
some vital information
on the radio interface,
such as IP address,
ESS ID,
which is basically...
Community name or whatever
for this radio network,
and et cetera.
A couple of other things
that are really interesting
for me as an attacker.
And I will show you later on
how we actually use that
in an attack.
Ooh.
And vulnerabilities in design.
The keys are stored on a...
Very often unproductive
and unprotected device.
Now, in our example
that I will show
in the next couple of slides
is that device wasn't really
a handheld device.
It was a laptop computer
using Windows 2000.
But it was an ordinary
IT department installation
of Windows 2000.
And the network
was actually using WEP.
And it has a very neat feature.
Oh, well, I get to that.
But it's really, really interesting.
This is not like a handheld.
It's an ordinary computer
running Windows 2000.
But I guess that there are
similarities anyway
to what we will see
come in the future.
And another thing is that
key distribution
is done in plain text.
I mean, how are people
going to get their keys
to their client machines?
I don't know if you...
I mean, there might be some designs
where you actually distribute the keys
on an encrypted channel.
But today it is...
I mean, it's not.
You do get the encryption keys
on an unencrypted channel.
And that's fairly interesting, I think.
Because I can sniff the keys.
Okay?
Typically one downloads it
from a web page, okay?
So...
Which is kind of scary.
Okay.
So this was the setup.
We did have a device
which was, in this case, a PC
with a Symbol card.
Not that it matters much.
But Symbol has this very, very nice
thing in their hardware.
If you're running it on Windows 2000
you can actually install
a little application on it.
So that you can take your computer...
The idea is brilliant.
I mean, you can take your computer
and it will sense
in the radio environment
on what network you are
and actually set the settings
according to that.
So you can have a set of settings
with encryption keys and stuff like that
on your office.
And then you fold up your computer
and go away and go home
and there you have another set of...
I mean, obviously you all have APs at home.
But anyway...
And then there you have
a different set of settings.
We are actually providing
public internet access in Sweden
with this type of equipment.
And so that would be
a third set of settings.
So by basically...
By just turning on
this card
it would go out into the air
and see what kind of profile
should I use for this.
And then...
Well...
Choose that profile
and connect to the radio network.
Right?
So we have had one of those.
And...
It's using WEP
because it is on the internal network.
Now...
I was an elite hacker out here
and I actually had an AP of my own
with a directional antenna in this case.
And...
My own little PC or server up there
at the far right corner.
Upper right corner.
Okay?
So the first thing I did was
to actually just connect to this...
First I just connected to the network
and actually saw what was there.
ESS ID.
The IP addresses and stuff like that.
And then...
What I started to do
was to broadcast
my own IP address
as being one on this network.
Okay?
And the point is that
if I had a directional antenna
with enough gain
it would automatically lose
its association with the inner access point
and start scanning through its own
this list of settings.
Okay?
Now that is fairly interesting I think
because what I could do
is that I actually could force it down to plain text.
If I have my own access point
with the same ESS ID and everything
and force it down to plain text.
So that's what we did.
Of course.
And then it's just a question actually
of cracking the system on the mobile unit.
In this real case it was Windows 2000.
So that should have taken like 20 seconds or something.
And then you could use
really any way of extracting the keys.
You could just copy the registry
or you could...
I mean I think that I...
Because I haven't really hacked a lot
on Windows 2000.
I haven't really hacked a lot
but...
at all.
But what I did was that I set up
my own authentication server.
And...
I had a sniffer running.
So that when the keys were exchanged
to that authentication server
I got them and game over.
So that was fairly simple.
Now I do understand why
you want to keep things simple for a user.
I mean...
So that the user doesn't really have to
manually select what kind of profile
am I going to use.
And especially not on older Windows systems
where you actually have to reboot after
every change.
But...
Well...
I think this is a fine way
to give you an example of how
WEP might be great.
It's not.
We all know that.
But it might be great.
But still implementations in...
Well...
As in...
Always.
Basically.
Okay?
You're awfully silent.
No one understands what I'm talking about
or everyone understands and just...
Yeah, move on.
We got the deal.
Okay?
Um...
Just a few things about cryptology.
Will it save us? No.
Conclusion is no.
There is no good policy,
at least to my knowledge,
on where to implement cryptography.
I mean...
Bandwidth on the radio interface
and intrusion detection
are limiting factors,
but we do have other as well.
And...
Well, how to do it correctly, basically.
Policies must affect all interfaces
and all traffic of the APs.
I mean...
If I can still telnet in
over the radio interface
to do administration,
I mean, that's...
That's really, really interesting.
I mean...
I think that is...
Someone had a brain fart.
And...
And another thing is that...
Is that you only have encryption
over the radio interface
and not on the outgoing interface
of that AP or network.
Bus.
Basically.
And...
The fundamental flaws might not be
in the encryption scheme,
but rather vulnerabilities in design.
Key distribution,
key storage,
et cetera.
Okay?
Yes.
Now, the future, new attacks.
I mean...
I think that it is serious enough
that we can today actually do war driving.
I think that it is actually a kind of scary
that you can force down
the radio environment to plain text mode
with this attack that I just recently described.
I also find it kind of scary
that it actually isn't just on Symbol
and on that application,
but you can actually do it other ways as well.
It's just that it's harder
to do it in other ways.
You can force it down to plain text.
And that's really a scary issue for me.
But new attacks,
what will be there in the future,
will we see cards that can be run
in both ad hoc and infrastructure mode?
I mean, ad hoc mode is basically
a point-to-point mode
where you can have a radio LAN card
connecting to another radio LAN card,
connecting to another radio LAN card.
But...
And today,
when we are building up LANs,
you don't want to do that.
You would rather have it using infrastructure mode
where you have a lot of things
connected to the same AP, right?
But...
But it's really interesting
when we see cards that can be run
both in ad hoc and infrastructure mode.
Today, I don't really know
if there are any such cards.
But if...
You have one!
But they can do this at the same time.
Sure.
Really?
Interesting.
Because in that case,
you could actually extend the ad hoc nets
around the firewall.
Even if you have...
So that's really interesting.
Thank you.
Because then I can relay that signal
to another computer
that relays it to another computer
that relays it to one and a half kilometers away.
Instead of...
And that's a scary thought, I think.
Otherwise, I would have tried to...
Of course, I would have tried to...
Well, anyway...
An idea I had was that you could
have a Trojan device driver
that actually switched really fast
between the two modes.
And buffered whatever comes...
Well, but I haven't really tried that.
But that's an interesting solution
to the same problem.
If you have cards that doesn't support this feature.
However, another thing that we are facing
is handover between different standards.
Radio standards.
And there is a question mark there.
But that is actually happening right now.
We are building up such a service
where we are actually...
We will see network cards
that doesn't only support IEEE 802.11
but also, for example, GPRS
which is a cellular thing up in Europe
or Bluetooth or whatever.
That you have combinational cards.
Is that the right term?
Combi cards.
That can switch between these different radio interfaces.
And not only switch between them
but actually do handover between them.
So that if you start a connection
with IEEE 802.11
you could seamlessly roam into the cellular network
and then over to another network
and still have the connection running, basically.
And...
Wow, what happens?
Oh, it's screensaver.
Yes.
Hooray!
Sorry.
I'm...
As you can see, I've never used PowerPoint before.
So...
But anyway...
And the thing is that today
when we are talking about handovers
at some point
there might be in the client
that you actually have two connections
up at the same time.
You have a connection
both to the GPRS network
and to the Radio LAN network, for example.
Can I use that
in order to source route packets
from one network to the other network
thus using your computer as a router?
And that's also quite interesting
because then I can route traffic
around your firewall
to the inside.
So I think that is...
That is also...
I haven't seen...
I haven't seen these attacks yet
because basically IP handover
isn't really...
I mean, those of you
who've read the specs for mobile IP
you know that it's...
It's not really easily implemented.
But we are...
Someone was giggling up here.
But we are actually doing that
in Telia right now.
Not mobile IP, but...
Well, it might be mobile IP
but we are trying out a couple of different
standards in order to
be able to solve this problem
with mobile handover issues.
And another thing is
spoofing in piconets.
I don't know if you know what a piconet is
but piconet is basically a term
used within
Bluetooth.
And basically
that is
Bluetooth...
Bluetooth infrastructure mode
sort of.
That you could actually...
You build up a network
where seven different
kind of
things are talking together
on the same network bus basically.
And
it's a time divisional
sort of radio access.
They haven't figured out
how piconets should work yet.
So the Bluetooth doesn't
really support them
yet.
You could only use Bluetooth today
as a cable replacement basically
point to point. But when you do
the authentication
based on hardware addresses such as
Bluetooth addresses will not be sufficient
because you can actually change that.
It wasn't meant
to be changed but all...
This is kind of cool actually
because they have
sold a lot of experimental
stuff now so that people
can start experimenting with Bluetooth
and all this and that.
And on that experimental
stuff basically everything
out on the market today you can
set your own hardware address.
And...
Excuse me?
I don't actually know.
He was speaking Swedish.
About the headset
to the telephone. I really
don't know if you could set
the hardware address on that. Can you?
Probably.
What I do know is
because Ericsson is the
vendor here that has actually
made... It's really cute.
You have like a headset for your cellular phone
and no cables
to the phone. And you can leave
the phone in one room and be away
like 10-15 meters and still...
Yeah. So it's really cute.
But anyway on that headset
on Ericsson equipment the other
things that they have actually
released such as the Blit
and such as
well a lot of other
things. You can actually change
the hardware address. So I
guess that you could do it on the
headset as well if you have
at least if you have some sort of
software writer to the headset.
Yes? Okay.
So what will happen when we change the
hardware address? I mean can we spoof
and...
Yeah. What will be the
implications of that?
I really hate this.
Okay.
I'll take questions
and probably provide some
answers in a little while. But just finally
if you are interested in WEP
please check out that
first
link up there.
It's SANS paper about
WEP. And
this is actually... I mean it's very
well written. You have
all the links to
the Berkeley paper and
everything about the insecurities of WEP.
But this is
actually well enough written
and
well
it's simple enough so even
a stupid Swede can read it and
actually benefit from it.
And encryption IDS
of course Bruce Schneier
has written
about that. And general
wireless network security. Please go
to all.net.
Check out the netsec. I mean
his
all his articles
are really really great. This is Fred Cohen's
website. But
on the
June article was
about general
wireless network security.
And I
was kind of hoping that he would be
here because we had an email
discussion before this. But
if you aren't
don't come up afterwards.
Basically.
Okay.
And that's just
a thank you note. So I leave that
on and I'll be
glad to take any questions.
And see if I can actually answer them.
To the urls. Sorry.
Yes?
Do I think
WEP is fixable or should it just be
trashed?
I
I must
say that I really don't know enough
mathematics to say that.
I mean
obviously the encryption
is first of all
really really flawed.
Then the
and I mean that's really scary
for me anyway
as a layman. Another thing is that
implementation of WEP
is really really hard to get correct.
So nobody does that.
And the third thing is that even
if the hardware actually
supports doing it correctly
lots of people still doesn't
use it. So I mean
I really don't know how to answer
that question. There is
I know that there are working on
a totally
a total redesign of
of WEP. So
I don't know what it will be called
or if it's
any better.
To my knowledge it's still not crypto
people working on it.
So and that it
that is I think
a huge mistake. Yes?
Is that an answer to your question?
Thank you.
I really don't see that well. If anyone
is just, someone is waving
back there.
Excuse me?
You would like to
Okay.
Please. Can you
come forward and do it in microphone?
Thanks a bunch.
I'm just working for an operator.
I'm Jim. I used to do something
a lot like him for Wayport.
Your friends
at Microsoft have
come up, yeah. I have come up
with something called 802.1X
and the IEEE is working on something
called 802.11e as an
elephant or echo. And both
of these are basically improvements on key distribution
for WEP. I don't think
WEP itself is broken
but there's no KDC and that's what the
real problem is and that's what Berkeley did.
Okay. Thank you.
You're probably right.
Okay.
You in the black t-shirt here?
Yeah.
Yeah.
Yeah.
Hi. Hi.
Yeah.
And if you guys
down back didn't hear what he said, he said
that basically you should
use the same common sense as you
do in wired
networks. You should use that in
wireless networks instead because basically
it's the same thing, it's just a
different access.
Is that correct? Is that how I
should...
No.
Yeah.
Yeah. And I totally
agree with you on that one. It's just
one other thing in that
it is no such
thing as physical
security anymore.
If you're having a wired network
you could still, I mean, lock up
the wires but you can't lock up air.
And you can't, I mean,
prevent people from standing
a mile and a half away
with a directional antenna
and
but other than
that, I mean, you're totally
right. It's
yeah.
So.
Does anyone have a watch? Because I
don't.
10 to 5. Thanks.
You, sir.
Totally random thought.
What about using
EM shielding and such to actually stop the signal
at the edge of the building so you don't get some jam?
Yeah.
It's great except for the cost.
Yeah. And
the gentleman
just behind him said
it's great except for the cost.
And I agree on that.
No. And
but you're
right, of course. I mean...
Yes.
I just wanted to say that
one thing I've noticed from my work
with clients and I've heard other people
say is that
you can't really avoid wireless by just
saying you're not going to do it
because once people get a taste of it,
the user experience
is so provocative
and so convincing
that people
just demand it. Management just wants it.
They don't care if they're exposed.
They don't care. It's just
so convenient and so...
just an incredible user experience
that they basically demand it. So this is
something that you're going to have to deal with
even if you don't have it now. You just can't say
we're not going to do it because people
are going to want it. And they do want it.
So...
I agree with you on that.
We...
I
don't know if this is a typically
European or Scandinavian kind of
thing, but I mean
internet... We got internet
access in
94 basically in Sweden.
And...
And since then we have
had... And this is
actually kind of cool because we have
what is it?
Like... We have 9 million
people living in Sweden and we have
5.4 million
internet subscriptions in Sweden.
So basically every other
person has an internet subscription.
More than every other person.
And probably like
75% of the households
actually have
an internet subscription.
And...
It's really true that if you
give people
the sense of what it is to be
wireless and actually still
have the bandwidth
and or
other kinds of services
and stuff like that, they will get
used to it. And if you
give that to management
you're bound for disaster.
Because they will actually
think that this is... I mean this is way
cooler than having an
ethernet cable and DHCP
or anything
like that, which still actually demands
quite a lot of
infrastructural
workarounds in order to
get work good.
So wireless
access actually
solves a couple of those
problems. Yes.
You in the white shirt over here
have been waving for some time.
Yeah.
Yeah.
That is...
What he is saying is that
they are using a
HTTPS proxy.
Is that true?
So that you log into this proxy
before you actually
get to the access point.
And...
I like that idea.
We have the same kind of thing
actually in our...
We have a service at Telia Mobile
called Telia Mobile Home Run
which is
public internet
access over 802.11
basically.
You log into your
subscription over
an HTTPS interface
and then you get
the handshake packets and everything
like that. But the point is that
it isn't really...
That is a solution
to one of the problems here.
However, it's not going to solve
a couple of the other issues and
it's not very easy to implement it
without breaking the standards
either.
But...
You certainly have a point there.
Yes?
Um...
I really don't see that well.
So just shout
if I don't...
Yeah, my name is
Matt Peterson.
I run a group called
the Bay Area Wireless Users Group
and what Markus is talking about
is definitely real.
If I can plug this in real quick.
These are not hypothetical.
What he's actually doing...
I've been doing it in the States
for quite some time now.
There was an article in the Wall Street Journal
about Peter Shipley and myself
and I highly recommend you see his talk
because essentially what he's got
is a map of San Francisco
off of MapQuest
and it shows every access point.
There's been kind of some debate
about the way he's doing it
and essentially he's just looking
like scanning any network
and he finds a network and he logs it
and it's pretty simple.
He says that if you beat the stick
and you, per se,
hack the firmware on the Intersil devices
you can actually do
true 802.11 frames.
So you can see the real frames now.
Not 802.3.
These are real frames.
I took this about five minutes ago.
So you can see people associating,
de-associating all the probes going out.
So I've got like a list of all these guys.
There's Cisco cards here.
There's Aironet cards here.
There's $80 cards from Fry's. We've got the whole works here.
So what's nice about this
is that we've got this working
in the sense that we can go atop Berkeley
and we can get a directional dish
and we can hit San Francisco
10 or 20 miles away.
This does exist right now.
You can do this.
So definitely check out Peter Shipley's talk
on war driving tomorrow.
Thank you.
Can we please have an applause for...
What was your name?
Matt Peterson from BAWUG.
Okay. Thank you a lot.
Thanks.
Man.
I just wish I had done that.
Not easy.
Well anyway.
But do attend Peter Shipley's talk
tomorrow because
that would be cool.
I guess.
If Peter is here
I would very much like to talk to him
actually. Afterwards.
Um...
Yeah?
Nobody's waving?
Or shouting?
Okay.
Thanks a bunch.
Thank you.
